Excessive (100,000+) DNS queries for local and global NTP server configurations in 1Hr

vipul7261 · March 25, 2021, 2:28pm

I’m working on a product which is running on Linux platform with the NTP version of 4.2.8 p12. I’ve seen more than 1,00,000 queries to DNS server in a fairly short period of time while date/time configuration to fetch from NTP host/IP. I examined the network traffic on my board with the latest firmware build and confirmed that there are excessive DNS packets.

There is 2 main observations as below:

As long as the ntpd process is running, there are excessive DNS queries. Stopping ntpd appears to resolve the issue.
Placing the IP instead of host name (ntp1.etn.com - in my case, to be precise) should stop the DNS query but issues is there with or without host name.

vipul7261 · March 30, 2021, 5:03am

Can someone plz share the updates as I’m not able to identify the root cause of this issue. Any clue would be highly appreciated.

alica · March 30, 2021, 6:38am

Sounds like some configuration problem. Please post your ntp.conf.

vipul7261 · March 30, 2021, 9:21am

Thanks Alica for the quick response. I’ve uploaded png formatted files of ntp.conf file.

ntp.drift file contains single line of data → 19.247

Jamesb192 · March 30, 2021, 6:22pm

AFAICT NTP (the implementation) v4.2.8p12 does not seem to use any servers by default, nor the pool. The configuration you posted will cause it to load up as a great useless (uncontrollable, unmonitorable?) lump. The only way it could be generating that much DNS traffic is if someone tampered with it and/or it is screwing up DNS resolution for something else. Follow the traffic. ~~the preceding is my own fault and does not reflect the community as a whole and probably not any part of it.~~

I would suggest adding keyfile, controlkey, and trustedkey lines to make it monitorable (but not for release) and quite a few server line to the same vendor pool address. Possibly a refclock line if you have a relevant device. There are guides on the Internet, try to find one written in the last 5 years or so.

vipul7261 · March 31, 2021, 3:08pm

Thanks for the updates James but I’m not able to figure out an exact steps to follow yet based on your comment description.

Do i have to upgrade the NTP version from v4.2.8p12 to latest one?
Do i test again with an updated ntp.conf file with few modifications to fix this issue? I’ve updated the config files as attached format but no luck. Thanks!
ntp_config_20210331567×539 11.8 KB

alica · April 6, 2021, 4:29pm

Why are you restrict-ing your server lines? server, as the name implies, should be allowed to change the time parameter of your system (the client). I have posted my ntp.conf somewhere in the forum; you may check it as an example to configure your ntpd installation.

vipul7261 · April 21, 2021, 4:28am

Alica and All, I could able to fix the issue by modifying ntpd script. Previously, it was kicking ntpd process with multiple options along with it’s configuration file ntp.conf. The string size overflow is the root cause of that issue. Now, my ntpd process is running with limited arguments i.e. ntpd -g -c /etc/ntp.conf and it fixed my issue.

Plz note that, I’m still maintaining same ntp.conf which was being updated in previous reply to James.